Combination of group policies and desktop management to protect user data security

Source: Internet
Author: User

BKJIA exclusive Article] group strategy is a masterpiece of Microsoft. We have also introduced many group policy applications in previous articles. When we use a computer, the first impression should be the desktop of the computer, which has a headache for many users. In fact, group policies can help you solve this pain.

In today's network environment, network security is greatly challenged. for LAN security, you need to publish and maintain customized desktop settings for various users, such as mobile users, information workers, and other users who strictly define work tasks, such as data input. The corresponding security settings and updates must be effectively transmitted to all computers and devices in the Organization. In the event of a computer crash or catastrophic event, the service must be restored with minimal data loss or interruption. To improve efficiency, it is necessary to implement changes quickly and for a large number of users and computers. Group policies appear to meet these requirements. For example, when you need to define these settings at one time, you can use the Active Directory to apply group policies to sites, domains, users, and computers. In addition, you can manage servers by setting server operations and security settings. You can also release the specified software for a user member in an OU.

Each group policy can be set to unconfigured, enabled, or disabled.

Not Configured (Not Configured): this setting is ignored by default, and no changes are made to the computer. This status does Not specify a specific value during registration.

Enabled: The action associated with the policy settings of the group is Enabled.

Disabled: prevents this setting from being implemented.

The following describes some specific group policy applications.

Windows desktops, like our desks, need to be organized and cleaned frequently, and the Group Policy is like our Secretary, making desktop management easy. Let's take a look at several practical configuration instances:

Location: "Group Policy console> User Configuration> management template> desktop"

1. Hide the Desktop System icon Windows 2000/XP/2003)

Although the system icon function on the desktop can be hidden by modifying the registry, it is troublesome and risky. The group policy configuration method can be used to achieve this goal conveniently and quickly.

For example, to hide the "Network Neighbor" and "Internet Explorer" icons on the desktop, you only need to enable the "hide the 'Network neighbor 'icon on the desktop" and "hide the Internet Explorer icon on the desktop" options in the right pane. If you want to hide all the icons on the desktop, you only need to enable "hide and disable all projects on the desktop; after the "delete my documents" icon on the desktop "and" delete my computer "icon on the desktop are enabled, the "my computer" and "My Documents" icons will disappear from your desktop. Similarly, if you want to remove the "recycle bin" icon, you only need to enable the "delete recycle bin from desktop" policy item.

2. Do not save the desktop settings Windows 2000/XP/2003 when you exit)

This policy prevents users from saving some changes to the desktop. If you enable this policy, you can still change the desktop, but some changes, including the location of the subject, the location and size of the taskbar, cannot be saved after the user logs out, however, shortcuts on the taskbar can always be saved.

In the right pane, enable the policy option "do not save settings when exiting.

3. Disable the "Clear desktop wizard" function for Windows XP/2003)

The clear desktop wizard automatically runs on your computer every 60 days to clear desktop icons that are not frequently used or never used by users. If this policy is enabled, the "clean up desktop wizard" can be blocked. If you disable or do not configure this setting, the "clean up desktop wizard" runs every 60 days according to the default settings.

Open the delete Desktop Cleanup Wizard in the right pane and set the policy options as needed.

4. enable/disable "Active Desktop" Windows 2000/XP/2003)

"Active Desktop" is a Windows 98 or later version) or an advanced feature installed in the IE 4.0 system. The biggest feature is that you can set wallpaper in various image formats, you can even display webpages as wallpaper. But for security and performance considerations, sometimes we need to disable this function and prohibit users from enabling it), you can easily achieve this through policy settings. To enable this policy, open "Disable Active Desktop" in the right pane.

Tip: If you enable both "enable Active Desktop" and "Disable Active Desktop", the "Disable Active Desktop" setting will be ignored. If "Disable Active Desktop and Web View" is enabled in "user configuration> management template> Windows Components> Windows Resource Manager", Active Desktop is disabled, both policies are ignored.

BKJIA exclusive Article. For details about the cooperation site, please indicate the original author and source .]

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.